<?php 
   

   // edited to send super user back to viewusers.php screen after user creation / update

   include('/home/decentda/public_html/remotedev.org/VAIL/includes/phpheader.php');
   include('/home/decentda/public_html/remotedev.org/VAIL/includes/db_connect.php'); 

   $id = $_POST["id"];
   $userId = $_SESSION['user_id'];

   $userName = $_POST["name"];
   $location = $_POST["location"];
   $pass1 = $_POST["pass1"];
   $pass2 = $_POST["pass2"];

   $status = $_POST["status"];


   if(!$status)		$status=0; 		else 	$status=1;


   $todayMysql = date("Y-m-d H:i:s", mktime(date("H"),date("i"),date("s"),date("m"), date("d"), date("Y")));


   if($pass1 && $pass1!="" && ($pass1 != $pass2)) {
    
	     header("Location:../admin.php?Action=viewUser&id=".$id."&Error=Passwords do not match.");
	     exit;
   }



   if($insert)
	  //echo $insert."<br/>";
	  mysql_query($insert);



   if($id > 0) { 
    
         //EXISTING USER IS UPDATED

	     if(($pass1!="") && ($pass1 == $pass2)) {	
		     
             $salt = substr(md5(uniqid(rand(), true)), 0, 10);
		       $password = md5($salt.md5($pass1));
		       $passwordUpdate = "update user set salt = '".$salt."', password = '".$password."' where id = '".$id."'";
		       mysql_query($passwordUpdate);
		       //echo $passwordUpdate."<br/>";
	     }
	
	  
        $query = "select status from user where id = ".$id;
	     $row = mysql_fetch_array(mysql_query($query));
	     $old_status = $row["status"];
	
   
        if($old_status != $status) {
		
		      if($status==0) {
			        $insert = "insert into user_history values (NULL, ".$id.",  4, '', '".$todayMysql."')"; 
		      } else {
			        $insert = "insert into user_history values (NULL, ".$id.",  3, '', '".$todayMysql."')"; 
		      }
	     }
	
	
        $update = "Update user set user_name = '".$userName."', location_id = ".$location.", status = ".$status." where id = ".$id;

	     //echo $insert."<br/>";
	     //echo $query."<br/>";
	
	     mysql_query($update);
	     header("Location:../admin.php?Status=User Updated Submitted Successfully");
	     exit();
   
    } else {

         //NEW USER CREATED
	  
        $select = "Select max(id)+1 as id from user";
	     $row = mysql_fetch_array(mysql_query($select));
	     $newId = $row["id"];
	     $salt = substr(md5(uniqid(rand(), true)), 0, 10);
	     $password = md5($salt.md5($pass1));

	     $insert = "insert into user values(".$newId.", '".$userName."', ".$location.", '".$password."', '".$salt."', '', ".$status.", 1)";
	
	     //echo $insert."<br/>";
	     mysql_query($insert);
	
	     if($status==0) {
		      $insert = "insert into user_history values (NULL, ".$newId.",  4, '', '".$todayMysql."')"; 
	     } else {
		      $insert = "insert into user_history values (NULL, ".$newId.",  3, '', '".$todayMysql."')"; 
	     }
	
	     mysql_query($insert);
	     //echo $insert."<br/>";
	     header("Location:../admin.php?Status=User Created Submitted Successfully");
	     exit();
   }

?>